OpenAI Rolls Out ChatGPT Lockdown Mode to Block Data Exfiltration

OpenAI has begun deploying a new Lockdown Mode for ChatGPT, targeting personal accounts on Free, Go, Plus, Pro, and self-serve ChatGPT Business plans. The feature is designed for users and organizations handling sensitive data who need stronger guarantees against prompt injection attacks, a frontier-class threat that continues to affect all large language models. Lockdown Mode works by restricting outbound network requests, effectively narrowing the attack surface without altering how memory, file uploads, or conversation sharing function inside ChatGPT.

When activated, Lockdown Mode disables or significantly limits several tools capable of connecting to the web or external services. Live web browsing is restricted to cached content only, image generation and retrieval are suspended, and Deep Research, Agent mode, and Canvas networking are disabled, blocking users from approving code that could reach external infrastructure. File downloads for data analysis are also blocked, eliminating a common vector for URL-based data exfiltration. OpenAI cautions that Lockdown Mode and Developer Mode are mutually exclusive, turning on one automatically disables the other, and the company emphasizes the feature is not intended for general users.

OpenAI is careful to note that Lockdown Mode reduces risk but does not eliminate it. Prompt injection remains possible through avenues like malicious instructions embedded in uploaded files, which can still influence ChatGPT's responses. Residual exposure may also persist through enabled Apps, unexpected combinations of capabilities, or newly discovered techniques. In parallel, OpenAI launched a session management feature that lets users review active logins by device, application, approximate location, and sign-in date, with the ability to terminate individual or all sessions if unauthorized activity is suspected, a useful signal for anyone monitoring their accounts with an email breach checker.

For security teams and privacy-conscious users, the rollout underscores a broader shift toward treating LLM interactions as a regulated data-handling surface rather than a benign chat interface. Anyone working with proprietary or regulated data in AI tools should evaluate session hygiene, review active devices, and audit their exposure profile with a comprehensive privacy checkup. As prompt injection techniques mature alongside agentic workflows, defense-in-depth controls like Lockdown Mode are likely to become standard rather than optional.